Add your organization's brand to your Microsoft Purview Message Encryption encrypted messages
Apply your company branding to customize the look of your organization's email messages and the encryption portal. You need to apply global administrator permissions to your work or school account before you can get started. You customize branding in one of two ways, using Exchange Online PowerShell or Microsoft Purview Data Loss Prevention (DLP) policies.
For more information about using Microsoft Purview Data Loss Prevention (DLP) policies to add customized branding to encrypted messages, see these resources.
- Supported action: Exchange for details on this action.
- Design a data loss prevention policy if you're new to DLP and want to learn more about what goes into preparing to create a DLP policy.
- Create and Deploy data loss prevention policies for examples on how to create and deploy a DLP policy.
The rest of this article describes using Exchange Online PowerShell.
Use the Get-OMEConfiguration and Set-OMEConfiguration cmdlets in Exchange Online PowerShell to customize these parts of encrypted email messages:
- Introductory text
- Disclaimer text
- URL for Your organization's privacy statement
- Text in the encrypted message portal
- Logo that appears in the email message and encrypted message portal, or whether to use a logo at all
- Background color in the email message and encrypted message portal
You can also revert back to the default look and feel at any time.
If you'd like more control, use Microsoft Purview Advanced Message Encryption to create multiple templates for encrypted emails originating from your organization. Use these templates to control parts of the end-user experience. For example, specify whether recipients can use Google, Yahoo, and Microsoft Accounts to sign in to the encryption portal. Use templates to fulfill several use cases, such as:
- Individual departments, such as Finance, Sales, and so on.
- Different products
- Different geographical regions or countries
- Whether you want to allow emails to be revoked
- Whether you want emails sent to external recipients to expire after a specified number of days.
Once you've created the templates, apply them to encrypted emails sent from your online mailbox by using Exchange mail flow rules. If you have Microsoft Purview Advanced Message Encryption, you can revoke any email that you have branded.
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.
Work with branding templates
You can modify several features within a branding template, and modify, but not remove, the default template. If you have Advanced Message Encryption, you can also create, modify, and remove custom templates. Use Exchange Online PowerShell to work with one branding template at a time.
- Set-OMEConfiguration - Modify the default branding template or a custom branding template that you created.
- New-OMEConfiguration - Create a new branding template, Advanced Message Encryption only.
- Remove-OMEConfiguration - Remove a custom branding template, Advanced Message Encryption only. You can't delete the default branding template.
Modify a branding template
Use Exchange Online PowerShell to modify one branding template at a time. If you have Advanced Message Encryption, you can also create, modify, and remove custom templates.
Using a work or school account that has global administrator permissions in your organization, connect to Exchange Online PowerShell. For instructions, see Connect to Exchange Online PowerShell.
Use the Set-OMEConfiguration cmdlet as described in Set-OMEConfiguration or use the following graphic and table for guidance.
| To customize this feature of the encryption experience | Use these commands |
|---|---|
| Background color | Set-OMEConfiguration -Identity "<ConfigurationName>" -BackgroundColor "<#RRGGBB hexadecimal color code or name value>" Example: For more information about background colors, see the Background colors section later in this article. |
| Logo | Set-OMEConfiguration -Identity "<ConfigurationName>" -Image <Byte[]> Example: Supported file formats: .png, .jpg, .bmp, or .tiff Optimal size of logo file: less than 40 KB Optimal size of logo image: 170x70 pixels. If your image exceeds these dimensions, the service resizes your logo for display in the portal. The service doesn't modify the graphic file itself. For best results, use the optimal size. |
| Text next to the sender's name and email address | Set-OMEConfiguration -Identity "<ConfigurationName>" -IntroductionText "<String up to 1024 characters>" Example: |
| Text that appears on the "Read Message" button | Set-OMEConfiguration -Identity "<ConfigurationName>" -ReadButtonText "<String up to 1024 characters>" Example: |
| Text that appears below the "Read Message" button | Set-OMEConfiguration -Identity "<ConfigurationName>" -EmailText "<String up to 1024 characters>" Example: |
| URL for the Privacy Statement link | Set-OMEConfiguration -Identity "<ConfigurationName>" -PrivacyStatementURL "<URL>" Example: |
| Disclaimer statement in the email that contains the encrypted message | Set-OMEConfiguration -Identity "<OMEConfigurationName>" -DisclaimerText "<Disclaimer statement. String of up to 1024 characters.>" Example: |
| Text that appears at the top of the encrypted mail viewing portal | Set-OMEConfiguration -Identity "<OMEConfigurationName>" -PortalText "<Text for your portal. String of up to 128 characters.>" Example: |
| To enable or disable authentication with a one-time pass code for this custom template | Set-OMEConfiguration -Identity "<OMEConfigurationName>" -OTPEnabled <$true|$false> Examples: To disable one-time passcodes for this custom template |
| To enable or disable authentication with Microsoft, Google, or Yahoo identities for this custom template | Set-OMEConfiguration -Identity "<OMEConfigurationName>" -SocialIdSignIn <$true|$false> Examples: To disable social IDs for this custom template |
Create an encrypted message branding template (Advanced Message Encryption)
If you have Microsoft Purview Advanced Message Encryption, you can create custom branding templates for your organization by using the New-OMEConfiguration cmdlet. Once you've created the template, you modify the template by using the Set-OMEConfiguration cmdlet as described in Modify a branding template. You can create multiple templates.
To create a new custom branding template:
Using a work or school account that has global administrator permissions in your organization, connect to Exchange Online PowerShell. For instructions, see Connect to Exchange Online PowerShell.
Use the New-OMEConfiguration cmdlet to create a new template.
New-OMEConfiguration -Identity "<OMEConfigurationName>"For example,
New-OMEConfiguration -Identity "Custom branding template"
Return the default branding template to its original values
To remove all modifications from the default template, including brand customizations, and so on, complete these steps:
Using a work or school account that has global administrator permissions in your organization, connect to Exchange Online PowerShell. For instructions, see Connect to Exchange Online PowerShell.
Use the Set-OMEConfiguration cmdlet as described in Set-OMEConfiguration. To remove your organization's branded customizations from the DisclaimerText, EmailText, and PortalText values, set the value to an empty string,
"". For all image values, such as Logo, set the value to"$null".The following table describes the encryption customization option defaults.
To revert this feature of the encryption experience back to the default text and image Use these commands Default text that comes with encrypted email messages. The default text appears above the instructions for viewing encrypted messages Set-OMEConfiguration -Identity "<OMEConfigurationName>" -EmailText "<empty string>"Example:
Set-OMEConfiguration -Identity "Message encryption configuration" -EmailText ""Disclaimer statement in the email that contains the encrypted message Set-OMEConfiguration -Identity "<OMEConfigurationName>" DisclaimerText "<empty string>"Example:
Set-OMEConfiguration -Identity "Message encryption configuration" -DisclaimerText ""Text that appears at the top of the encrypted mail viewing portal Set-OMEConfiguration -Identity "<OMEConfigurationName>" -PortalText "<empty string>"Example reverting back to default:
Set-OMEConfiguration -Identity "Message encryption configuration" -PortalText ""Logo Set-OMEConfiguration -Identity "<OMEConfigurationName>" -Image <"$null">Example reverting back to default:
Set-OMEConfiguration -Identity "Message encryption configuration" -Image $nullBackground color Set-OMEConfiguration -Identity "<ConfigurationName>" -BackgroundColor "$null">Example reverting back to default:
Set-OMEConfiguration -Identity "Message encryption configuration" -BackgroundColor $null
Remove a custom branding template (Advanced Message Encryption)
You can only remove or delete branding templates that you've made. You can't remove the default branding template.
To remove a custom branding template:
Using a work or school account that has global administrator permissions in your organization, connect to Exchange Online PowerShell.
Use the Remove-OMEConfiguration cmdlet as follows:
Remove-OMEConfiguration -Identity "<OMEConfigurationName>"For example,
Remove-OMEConfiguration -Identity "Branding template 1"For more information, see Remove-OMEConfiguration.
Create an Exchange mail flow rule that applies your custom branding to encrypted emails sent from your online organization to external recipients
Important
Third-party applications that scan and modify mail can prevent branding from being applied correctly.
After you've either modified the default template or created new branding templates, you can create Exchange mail flow rules to apply your custom branding based on certain conditions. Most importantly, the email must be encrypted. Such a rule applies custom branding to mail sent from your online mailbox in the following scenarios:
- If the email was manually encrypted by the end user using Outlook or Outlook on the web, formerly Outlook Web App
- If the email was automatically encrypted by an Exchange mail flow rule or Microsoft Purview Data Loss Prevention policy
To ensure Microsoft Purview Message Encryption applies your custom branding, set up a mail flow rule to encrypt your messages. The priority of the encryption rule should be higher than the branding rule so that the encryption rule is processed first. By default, if you create the encryption rule before the branding rule, then the encryption rule has a higher priority. For information, see Define mail flow rules to encrypt email messages in Office 365. For information on setting the priority of a mail flow rule, see Manage mail flow rules.
In a web browser, using a work or school account that has been granted global administrator permissions, sign in to Office 365.
Choose the Admin tile.
In the Microsoft 365 admin center, choose Admin centers > Exchange.
In the EAC, go to Mail flow > Rules and select New
> Create a new rule. For more information about using the EAC, see Exchange admin center in Exchange Online.In Name, type a name for the rule, such as Branding for sales department.
In Apply this rule if, select the condition The sender is located inside the organization and other conditions you want from the list of available conditions. For example, you might want to apply a particular branding template to:
- All encrypted emails sent from members of the finance department
- Encrypted emails sent with a certain keyword such as "External" or "Partner"
- Encrypted emails sent to a particular domain
If you've already defined a mail flow rule to apply encryption, skip this step. Otherwise, to configure the mail flow rule to apply encryption, from Do the following, select Modify the message security, and then select Apply Office 365 Message Encryption and rights protection. Select a Rights Management Service (RMS) template from the list and then select add action.
The list of templates includes default templates and options and any custom templates you create. If the list is empty, ensure that you have set up Microsoft Purview Message Encryption. For instructions, see Set up Microsoft Purview Message Encryption. For information about the default templates, see Configuring and managing templates for Azure Information Protection. For information about the Do Not Forward option, see the Do Not Forward option for emails. For information about the Encrypt Only option, see Encrypt Only option for emails.
From Do the following, select Modify the message security > Apply custom branding to OME messages. Next, from the drop-down, select a branding template.
Select add action if you want to specify another action, or select Save, and then select OK.
Background color reference
The color names that you can use for the background color are limited. Instead of a color name, you can use a hex code value (#RRGGBB). You can use a hex code value that corresponds to a color name, or you can use a custom hex code value. Be sure to enclose the hex code value in quotation marks (for example, "#f0f8ff").
The available background color names and their corresponding hex code values are described in the following table.
| Color name | Color code |
|---|---|
aliceblue |
#f0f8ff |
antiquewhite |
#faebd7 |
aqua |
#00ffff |
aquamarine |
#7fffd4 |
azure |
#f0ffff |
beige |
#f5f5dc |
bisque |
#ffe4c4 |
black |
#000000 |
blanchedalmond |
#ffebcd |
blue |
#0000ff |
blueviolet |
#8a2be2 |
brown |
#a52a2a |
burlywood |
#deb887 |
cadetblue |
#5f9ea0 |
chartreuse |
#7fff00 |
chocolate |
#d2691e |
coral |
#ff7f50 |
cornflowerblue |
#6495ed |
cornsilk |
#fff8dc |
crimson |
#dc143c |
cyan |
#00ffff |
darkblue |
#00008b |
darkcyan |
#008b8b |
darkgoldenrod |
#b8860b |
darkgray |
#a9a9a9 |
darkgreen |
#006400 |
darkkhaki |
#bdb76b |
darkmagenta |
#8b008b |
darkolivegreen |
#556b2f |
darkorange |
#ff8c00 |
darkorchid |
#9932cc |
darkred |
#8b0000 |
darksalmon |
#e9967a |
darkseagreen |
#8fbc8f |
darkslateblue |
#483d8b |
darkslategray |
#2f4f4f |
darkturquoise |
#00ced1 |
darkviolet |
#9400d3 |
deeppink |
#ff1493 |
deepskyblue |
#00bfff |
dimgray |
#696969 |
dodgerblue |
#1e90ff |
firebrick |
#b22222 |
floralwhite |
#fffaf0 |
forestgreen |
#228b22 |
fuchsia |
#ff00ff |
gainsboro |
#dcdcdc |
ghostwhite |
#f8f8ff |
gold |
#ffd700 |
goldenrod |
#daa520 |
gray |
#808080 |
green |
#008000 |
greenyellow |
#adff2f |
honeydew |
#f0fff0 |
hotpink |
#ff69b4 |
indianred |
#cd5c5c |
indigo |
#4b0082 |
ivory |
#fffff0 |
khaki |
#f0e68c |
lavender |
#e6e6fa |
lavenderblush |
#fff0f5 |
lawngreen |
#7cfc00 |
lemonchiffon |
#fffacd |
lightblue |
#add8e6 |
lightcoral |
#f08080 |
lightcyan |
#e0ffff |
lightgoldenrodyellow |
#fafad2 |
lightgray |
#d3d3d3 |
lightgrey |
#d3d3d3 |
lightgreen |
#90ee90 |
lightpink |
#ffb6c1 |
lightsalmon |
#ffa07a |
lightseagreen |
#20b2aa |
lightskyblue |
#87cefa |
lightslategray |
#778899 |
lightsteelblue |
#b0c4de |
lightyellow |
#ffffe0 |
lime |
#00ff00 |
limegreen |
#32cd32 |
linen |
#faf0e6 |
magenta |
#ff00ff |
maroon |
#800000 |
mediumaquamarine |
#66cdaa |
mediumblue |
#0000cd |
mediumorchid |
#ba55d3 |
mediumpurple |
#9370db |
mediumseagreen |
#3cb371 |
mediumslateblue |
#7b68ee |
mediumspringgreen |
#00fa9a |
mediumturquoise |
#48d1cc |
mediumvioletred |
#c71585 |
midnightblue |
#191970 |
mintcream |
#f5fffa |
mistyrose |
#ffe4e1 |
moccasin |
#ffe4b5 |
navajowhite |
#ffdead |
navy |
#000080 |
oldlace |
#fdf5e6 |
olive |
#808000 |
olivedrab |
#6b8e23 |
orange |
#ffa500 |
orangered |
#ff4500 |
orchid |
#da70d6 |
palegoldenrod |
#eee8aa |
palegreen |
#98fb98 |
paleturquoise |
#afeeee |
palevioletred |
#db7093 |
papayawhip |
#ffefd5 |
peachpuff |
#ffdab9 |
peru |
#cd853f |
pink |
#ffc0cb |
plum |
#dda0dd |
powderblue |
#b0e0e6 |
purple |
#800080 |
red |
#ff0000 |
rosybrown |
#bc8f8f |
royalblue |
#4169e1 |
saddlebrown |
#8b4513 |
salmon |
#fa8072 |
sandybrown |
#f4a460 |
seagreen |
#00ff00 |
seashell |
#fff5ee |
sienna |
#a0522d |
silver |
#c0c0c0 |
skyblue |
#87ceeb |
slateblue |
#6a5acd |
slategray |
#708090 |
snow |
#fffafa |
springgreen |
#00ff7f |
steelblue |
#4682b4 |
tan |
#d2b48c |
teal |
#008080 |
thistle |
#d8bfd8 |
tomato |
#ff6347 |
turquoise |
#40e0d0 |
violet |
#ee82ee |
wheat |
#f5deb3 |
white |
#ffffff |
whitesmoke |
#f5f5f5 |
yellow |
#ffff00 |
yellowgreen |
#9acd32 |